[Pkg-phototools-devel] Bug#786792: marked as done (darktable: CVE-2015-3885: input sanitization flaw leading to buffer overflow)
Your message dated Mon, 08 Jun 2015 06:03:48 + with message-id e1z1qa0-0001fm...@franck.debian.org and subject line Bug#786792: fixed in darktable 1.6.7-1 has caused the Debian Bug report #786792, regarding darktable: CVE-2015-3885: input sanitization flaw leading to buffer overflow to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
786792: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Source: darktable
Version: 1.0.4-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for darktable.

CVE-2015-3885[0]:
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
| allows remote attackers to cause a denial of service (crash) via a
| crafted image, which triggers a buffer overflow, related to the len
| variable.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3885
[1] http://www.ocert.org/advisories/ocert-2015-006.html

This does not seem to warrant a DSA, but it would be nice to have it fixed in jessie and wheezy as well. Could you contact the stable release managers to have an update through a wheezy- and jessie-proposed-update?

Regards,
Salvatore
---End Message---

---BeginMessage---
Source: darktable
Source-Version: 1.6.7-1

We believe that the bug you reported is fixed in the latest version of darktable, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 786...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Bremner brem...@debian.org (supplier of updated darktable package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 07 Jun 2015 23:23:34 +0200
Source: darktable
Binary: darktable darktable-dbg
Architecture: source amd64
Version: 1.6.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers pkg-phototools-devel@lists.alioth.debian.org
Changed-By: David Bremner brem...@debian.org
Description:
 darktable - virtual lighttable and darkroom for photographers
 darktable-dbg - virtual lighttable and darkroom for photographers (debug)
Closes: 783821 786792
Changes:
 darktable (1.6.7-1) unstable; urgency=medium
 .
   * Bug fix: no longer ships gphoto2-{, port-}config which breaks FindGphoto2.cmake, thanks to Emilio Pozuelo Monfort (Closes: #783821).
   * Bug fix: CVE-2015-3885: input sanitization flaw leading to buffer overflow, thanks to Salvatore Bonaccorso (Closes: #786792).
[Pkg-phototools-devel] darktable_1.6.7-1_amd64.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Sun, 07 Jun 2015 23:23:34 +0200
Source: darktable
Binary: darktable darktable-dbg
Architecture: source amd64
Version: 1.6.7-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers pkg-phototools-devel@lists.alioth.debian.org
Changed-By: David Bremner brem...@debian.org
Description:
 darktable - virtual lighttable and darkroom for photographers
 darktable-dbg - virtual lighttable and darkroom for photographers (debug)
Closes: 783821 786792
Changes:
 darktable (1.6.7-1) unstable; urgency=medium
 .
   * Bug fix: no longer ships gphoto2-{, port-}config which breaks FindGphoto2.cmake, thanks to Emilio Pozuelo Monfort (Closes: #783821).
   * Bug fix: CVE-2015-3885: input sanitization flaw leading to buffer overflow, thanks to Salvatore Bonaccorso (Closes: #786792).

Thank you for your contribution to Debian.

___
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] openexr_1.6.1-12_sourceupload.changes ACCEPTED into experimental
Accepted:

Format: 1.8
Date: Fri, 05 Jun 2015 15:12:01 +0200
Source: openexr
Binary: openexr openexr-doc libopenexr-dev libopenexr6
Architecture: source all
Version: 1.6.1-12
Distribution: experimental
Urgency: medium
Maintainer: Debian PhotoTools Maintainers pkg-phototools-devel@lists.alioth.debian.org
Changed-By: Mathieu Malaterre ma...@debian.org
Description:
 libopenexr-dev - development files for the OpenEXR image library
 libopenexr6 - runtime files for the OpenEXR image library
 openexr - command-line tools for the OpenEXR image format
 openexr-doc - documentation and examples for the OpenEXR image format
Changes:
 openexr (1.6.1-12) experimental; urgency=medium
 .
   * Fix symbols, make it 32 vs 64 bits

Thank you for your contribution to Debian.
[Pkg-phototools-devel] Processing of openexr_1.6.1-12_sourceupload.changes
openexr_1.6.1-12_sourceupload.changes uploaded successfully to localhost along with the files:

 openexr_1.6.1-12.dsc
 openexr_1.6.1-12.debian.tar.xz
 openexr-doc_1.6.1-12_all.deb

Greetings,

Your Debian queue daemon (running on host franck.debian.org)
[Pkg-phototools-devel] Bug#788102: ilmbase: fatal error: asm/sigcontext.h: No such file or directory
Source: ilmbase
Version: 2.2.0-3
Severity: normal

Currently ilmbase fails to build on non-linux arch because of the following try-compile.

ilmbase checks for an old bug in GNU libc

[...]
    //
    // Ugly, the mxcsr isn't defined in GNU libc ucontext_t, but
    // it's passed to the signal handler by the kernel. Use
    // the kernel's version of the ucontext to get it, see
    // asm/sigcontext.h
    //
    #include <asm/sigcontext.h>
[...]

This code path is only executed when the following autoconf step fails:

    AC_MSG_CHECKING(for fpe support handling)
    control_register_support=no
    AC_TRY_COMPILE([
    #include <stdint.h>
    #include <ucontext.h>
    ],[
        ucontext_t ucon;
        uint32_t mxcsr = ucon.uc_mcontext.fpregs->mxcsr;
        uint16_t cw = ucon.uc_mcontext.fpregs->cwd;
    ],
    AC_DEFINE(ILMBASE_HAVE_CONTROL_REGISTER_SUPPORT)
    control_register_support=yes)
    AC_MSG_RESULT($control_register_support)

If I check online, it appears that ilmbase compiles and runs nicely on FreeBSD, therefore ucontext.h does not seem Linux-specific after all:

https://www.freebsd.org/ports/graphics.html#ilmbase-2.2.0

-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (700, 'stable'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
[Pkg-phototools-devel] Bug#788102: ucontext.h on kFreeBSD
[CC me please]

Could someone please let me know if the following is valid on kFreeBSD?

    #include <stdint.h>
    #include <ucontext.h>

    int main()
    {
        ucontext_t ucon;
        uint32_t mxcsr = ucon.uc_mcontext.fpregs->mxcsr;
        uint16_t cw = ucon.uc_mcontext.fpregs->cwd;
    }